Solenry86 (Devoted mortal)
Registered: 03/01/08 17:31 Posts: 8
Posted: 03 Jan 2008 18:55 Subject: Internet pages and Messenger closing unexpectedly

Hi everyone! This is the first time I'm writing on this forum, because I have a rather serious problem with my PC and, since I don't know much about it, I thought I'd ask people who certainly know more. I should point out that I'm not familiar with the less common computing terms; I get by a little in general, but nothing more. Now I'll describe my problem.
My operating system is Windows XP, and for the past two days both Messenger (telling me that an error has occurred) and Internet Explorer and Mozilla have been closing unexpectedly. Explorer and Mozilla only close when I go to particular sites, for example when I visit a friend's blog that I could visit without any trouble until two days ago. Messenger, on the other hand, closes either when I receive an e-mail or when I close a conversation. I should point out that I haven't installed anything new in these two days. Please help me! I'm desperate!!!!

bdoriano (Administrator)
Registered: 02/04/07 11:05 Posts: 14303 Location: 3rd planet of the solar system...

cosmic (Devoted mortal)
Registered: 02/01/08 13:43 Posts: 19
Posted: 04 Jan 2008 10:34 Subject: it used to happen to me too with Internet Explorer

It used to happen to me too with Internet Explorer (I don't use Messenger)...
It happened with certain sites and I thought some plugin wasn't working properly...
Then I came across this post by chance and solved it:
http://forum.zeusnews.com/viewtopic.php?t=21605&start=0&postdays=0&postorder=asc&highlight=
I didn't even have the Hijack program, but I realised it was my case: a trojan was closing everything that "bothered" it.
I don't know whether it's your case, but in any case the first thing you should do is try HijackThis. And if it won't start... follow the instructions in the post I pointed you to!

Solenry86 (Devoted mortal)
Registered: 03/01/08 17:31 Posts: 8
Posted: 04 Jan 2008 11:06

Hi Cosmic! I tried doing what you did to solve the problem, but it didn't fix it, partly because the registry files I had to check, as you did, looked fine to me, and in any case the symptoms of this junk I have on my PC are slightly different!!!
I really appreciated the help!!!! Thanks

cosmic (Devoted mortal)
Registered: 02/01/08 13:43 Posts: 19
Posted: 04 Jan 2008 11:19 Subject: HijackThis

So you've used HijackThis?
Post the log here!!
I'm no great expert, but everyone else on this forum really knows their stuff!

Solenry86 (Devoted mortal)
Registered: 03/01/08 17:31 Posts: 8
Posted: 04 Jan 2008 11:59

Hi cosmic! Do you happen to know whether I have to post everything in Pronto Soccorso Zeus? Because that's what I read! Sorry for asking these things, but I'm new.

bdoriano (Administrator)
Registered: 02/04/07 11:05 Posts: 14303 Location: 3rd planet of the solar system...
Posted: 04 Jan 2008 12:21

Yes, attach the log in your next reply to this thread.

Solenry86 (Devoted mortal)
Registered: 03/01/08 17:31 Posts: 8
Posted: 04 Jan 2008 15:06

I should point out that before generating the HijackThis log I applied all the procedures for keeping the log to a minimum, meaning that I scanned with the various antivirus, antispyware etc. tools, both in safe mode and in normal mode, as I read in a post, to make things easier for whoever analyses my HijackThis log. Before generating the log I also closed all P2P programs, Messenger etc. I hope I did everything properly. If something isn't right, please tell me exactly what to do, or at any rate as precisely as possible, because I'm really inexperienced in this area. In the meantime, thank you very much for your patience and courtesy.
The HijackThis log is as follows:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.56.29, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
D:\Programmi\Powercinema4.0\PCMService.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
D:\Programmi\Office 2007\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
D:\Programmi\Powercinema4.0\Kernel\TV\CLCapSvc.exe
C:\Programmi\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Programmi\Powercinema4.0\Kernel\TV\CLSched.exe
D:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Soleto Enrico\Desktop\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PC-CAM 300 STI App Registration] RunDLL32.exe Pd016pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PCMService] "D:\Programmi\Powercinema4.0\PCMService.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] D:\Programmi\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB002" /M "Stylus C42"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Orbit.lnk = D:\Programmi\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download all by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Programmi\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Programmi\PPLive\PPLive.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://solenry.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\OFFICE~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Programmi\Powercinema4.0\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Programmi\Powercinema4.0\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programmi\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 13438 bytes
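
Added example (not part of the thread and not code from HijackThis): a small Python parser for the HijackThis log format posted above. It groups entries by section code, lists the entries HijackThis itself annotated with "(no file)", "(file missing)" or "Unknown owner" as candidates for a manual look, and compares two logs such as the before/after pair posted in this thread. The sample input uses a few lines copied from the log above; the `ExampleApp` entry in the second sample is constructed.

```python
import re
from collections import Counter

# HijackThis section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page", "R3": "URL search hook",
    "F2": "autoload entry mapped from .ini file to registry",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run keys / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX (Downloaded Program Files)", "O18": "protocol handler",
    "O22": "SharedTaskScheduler", "O23": "NT service",
}
HEADER_RES = {
    "tool": re.compile(r"^Logfile of (.+)$"),
    "saved": re.compile(r"^Scan saved at (.+)$"),
    "platform": re.compile(r"^Platform: (.+)$"),
    "boot_mode": re.compile(r"^Boot mode: (.+)$"),
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Annotations HijackThis prints next to an entry. They mark entries worth a
# manual look (often leftovers of uninstalled software); they are not a verdict.
MARKERS = ("(no file)", "(file missing)", "Unknown owner")


def parse_log(text):
    """Split a HijackThis log into header fields, processes and entries."""
    log = {"header": {}, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            log["entries"].append((entry.group(1), entry.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
        else:  # header lines; the trailing "--" / "End of file" are ignored
            for key, rx in HEADER_RES.items():
                m = rx.match(line)
                if m:
                    log["header"][key] = m.group(1)
    return log


def section_counts(log):
    """Number of entries per section code."""
    return Counter(code for code, _ in log["entries"])


def review_candidates(log):
    """Entries that carry one of the MARKERS annotations."""
    return [(code, marker, text)
            for code, text in log["entries"]
            for marker in MARKERS if marker in text]


def diff_logs(before, after):
    """Processes and entries that differ between two logs.
    Compared case-insensitively, because Windows paths are."""
    def delta(old, new):
        seen = {x.lower() for x in old}
        return [x for x in new if x.lower() not in seen]
    b_entries = [f"{c} - {t}" for c, t in before["entries"]]
    a_entries = [f"{c} - {t}" for c, t in after["entries"]]
    return {
        "processes_added": delta(before["processes"], after["processes"]),
        "processes_removed": delta(after["processes"], before["processes"]),
        "entries_added": delta(b_entries, a_entries),
        "entries_removed": delta(a_entries, b_entries),
    }


# A few lines copied from the log above (shortened sample).
SAMPLE_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.56.29, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
--
End of file - 13438 bytes
"""
# Constructed "after" sample: same log, explorer.exe in different case (as in
# the second log of the thread) plus one made-up autostart entry (ExampleApp).
CONSTRUCTED_ENTRY = r"O4 - HKCU\..\Run: [ExampleApp] C:\ExampleApp\example.exe"
SAMPLE_AFTER = (SAMPLE_BEFORE
                .replace(r"C:\WINDOWS\Explorer.EXE", r"C:\WINDOWS\explorer.exe")
                .replace("--\n", CONSTRUCTED_ENTRY + "\n--\n"))

if __name__ == "__main__":
    before, after = parse_log(SAMPLE_BEFORE), parse_log(SAMPLE_AFTER)
    for code, n in section_counts(before).items():
        print(f"{code:>3} x{n}  {SECTIONS.get(code, 'unknown section')}")
    for code, marker, text in review_candidates(before):
        print(f"review [{marker}] {code} - {text}")
    print(diff_logs(before, after))
```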

bdoriano (Administrator)
Registered: 02/04/07 11:05 Posts: 14303 Location: 3rd planet of the solar system...
Posted: 04 Jan 2008 15:12

The HijackThis log looks clean.
Follow the instructions in this topic to post the ComboFix log.

Solenry86 (Devoted mortal)
Registered: 03/01/08 17:31 Posts: 8
Posted: 04 Jan 2008 15:34

The ComboFix log is as follows:
ComboFix 08-01-04.1 - Soleto Enrico 2008-01-04 15:21:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.169 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Soleto Enrico\Desktop\ComboFix(1).exe
.
((((((((((((((((((((((((( Files Creati Da 2007-12-04 al 2008-01-04 )))))))))))))))))))))))))))))))))))
.
2008-01-04 15:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 15:15 . 2008-01-04 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-01-04 12:19 . 2008-01-04 12:19 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-01-04 12:18 . 2008-01-04 12:18 <DIR> d-------- C:\Programmi\Yahoo!
2008-01-04 12:18 . 2008-01-04 12:18 <DIR> d-------- C:\Programmi\CCleaner
2008-01-04 12:17 . 2008-01-04 15:21 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-04 12:13 . 2008-01-04 12:13 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Bitdefender
2008-01-04 12:11 . 2008-01-04 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\BitDefender
2008-01-04 12:07 . 2008-01-04 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-04 12:04 . 2008-01-04 12:04 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-01-04 00:27 . 2008-01-04 00:27 <DIR> d-------- C:\HiJackThis
2008-01-03 15:33 . 2008-01-03 15:33 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-03 15:00 . 2008-01-03 15:00 <DIR> d-------- C:\Programmi\Lavasoft
2008-01-03 15:00 . 2008-01-03 15:00 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-01-03 15:00 . 2008-01-03 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-03 12:47 . 2008-01-04 12:23 <DIR> d-------- C:\VEXPLITE
2008-01-03 12:47 . 2008-01-03 12:50 36,096 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-01-03 12:18 . 2008-01-03 12:28 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-03 00:16 . 2008-01-03 00:16 <DIR> d-------- C:\Programmi\Microsoft IntelliPoint
2008-01-03 00:12 . 2008-01-04 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-01-02 22:14 . 2008-01-03 00:11 <DIR> d-------- C:\Programmi\MSN Messenger
2007-12-28 20:48 . 2007-12-28 20:48 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2007-12-28 20:48 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-28 20:48 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-28 20:46 . 2007-12-28 20:46 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\PCF-VLC
2007-12-28 18:48 . 2007-12-28 18:48 <DIR> d-------- C:\Programmi\WIBUKEY
2007-12-28 18:48 . 2007-12-28 18:48 <DIR> d-------- C:\Programmi\WIBU-SYSTEMS
2007-12-28 18:48 . 2001-12-27 10:59 716,800 --a------ C:\WINDOWS\system32\Wibuke32.cpl
2007-12-28 18:48 . 2001-12-27 10:59 139,264 --a------ C:\WINDOWS\system32\WkWin32.dll
2007-12-28 18:48 . 2001-12-27 10:59 67,072 --a------ C:\WINDOWS\system32\drivers\Wibukey.sys
2007-12-28 18:48 . 2001-12-27 10:59 57,552 --a------ C:\WINDOWS\system32\WKDOS.EXE
2007-12-28 18:48 . 2001-12-27 10:59 52,736 --a------ C:\WINDOWS\system\WkWin.dll
2007-12-28 18:48 . 2001-12-27 10:59 29,696 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2007-12-28 18:47 . 2007-12-28 18:47 <DIR> d-------- C:\Programmi\Motorola
2007-12-28 18:47 . 2001-06-12 14:04 244,024 --a------ C:\WINDOWS\system32\msflxgrd.ocx
2007-12-28 18:47 . 2004-03-08 10:18 77,895 --a------ C:\WINDOWS\system32\unibus_tcutil.dll
2007-12-28 18:47 . 2005-07-20 14:35 36,480 --a------ C:\WINDOWS\system32\drivers\P2k.sys
2007-12-27 13:32 . 2007-12-28 18:39 <DIR> d-------- C:\Programmi\File comuni\Symantec Shared
2007-12-27 12:50 . 2007-12-28 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Adobe(3)
2007-12-27 12:42 . 2007-12-28 18:40 <DIR> d-------- C:\Programmi\Spyware Doctor
2007-12-27 12:38 . 2007-12-28 20:48 <DIR> d-------- C:\Programmi\Picasa2
2007-12-27 12:36 . 2008-01-03 15:32 <DIR> d-------- C:\Programmi\Norton Security Scan
2007-12-25 20:03 . 2007-12-25 20:03 <DIR> d-------- C:\Programmi\Alice ti aiuta
2007-12-12 12:58 . 2007-12-12 12:58 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Participatory Culture Foundation
2007-12-11 22:26 . 2007-12-16 11:29 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\SopCast
2007-12-10 23:33 . 2007-12-10 23:33 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Windows Live Writer
2007-12-10 23:30 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-10 23:26 . 2007-12-10 23:26 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2007-12-10 22:39 . 2007-12-10 22:45 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2007-12-10 22:38 . 2008-01-02 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-10 22:37 . 2007-12-11 09:52 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-10 21:52 . 2008-01-02 21:30 <DIR> d-------- C:\Programmi\Windows Live
2007-12-10 21:52 . 2007-12-10 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2007-12-09 10:49 . 2008-01-02 21:29 <DIR> d-------- C:\Programmi\Google
2007-12-08 13:20 . 2007-12-08 13:20 <DIR> d-------- C:\MicroGaming
2007-12-07 15:26 . 2007-12-07 15:26 118,762 --a------ C:\WINDOWS\PCTelevision Uninstaller.exe
2007-12-06 20:39 . 2007-12-06 20:39 <DIR> d-------- C:\ppmaterecord
2007-12-06 20:37 . 2007-12-06 20:37 <DIR> d-------- C:\Programmi\File comuni\Synacast
2007-12-06 20:37 . 2007-12-06 20:37 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\PPMate
2007-12-06 20:08 . 2007-12-06 20:08 <DIR> d-------- C:\WINDOWS\system32\PPLive
2007-12-06 20:05 . 2007-12-06 20:05 <DIR> d-------- C:\Documents and Settings\Soleto Enrico\Dati applicazioni\PPLive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 14:19 --------- d-----w C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Orbit
2008-01-03 17:36 --------- d-----w C:\Programmi\eMule
2008-01-03 15:31 --------- d-----w C:\Programmi\Java
2008-01-03 14:37 --------- d-----w C:\Programmi\Windows Live Toolbar
2007-12-28 17:47 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-27 12:52 --------- d-----w C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Skype
2007-12-27 11:50 --------- d-----w C:\Programmi\File comuni\Adobe
2007-12-18 21:41 --------- d-----w C:\Programmi\KONAMI
2007-12-12 13:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2007-12-10 17:28 --------- d-----w C:\Programmi\Coolstreaming_Tool-Bar_v1.0
2007-11-25 17:31 --------- d-----w C:\Documents and Settings\Soleto Enrico\Dati applicazioni\TVU Networks
2007-11-25 17:23 --------- d-----w C:\Documents and Settings\Soleto Enrico\Dati applicazioni\OTVREG
2007-11-25 16:19 --------- d-----w C:\Programmi\Windows Live Safety Center
2007-11-21 08:25 --------- d--h--r C:\Documents and Settings\Soleto Enrico\Dati applicazioni\SecuROM
2007-11-20 21:54 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-20 17:02 --------- d-----w C:\Programmi\File comuni\EPSON
2007-11-20 17:01 --------- d-----w C:\Programmi\EPSON
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 22:18 --------- d-----w C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Autodesk
2007-11-11 22:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2007-11-11 22:14 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2007-11-11 22:13 --------- d-----w C:\Programmi\AnswerWorks 4.0
2007-11-11 22:07 --------- d-----w C:\Programmi\Autodesk
2007-11-10 13:54 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-10 13:54 --------- d-----w C:\Programmi\Replay Converter
2007-11-10 12:11 35,328 ----a-w C:\WINDOWS\cygz.dll
2007-11-10 12:11 1,126,281 ----a-w C:\WINDOWS\cygwin1.dll
2007-11-05 21:24 --------- d-----w C:\Documents and Settings\Soleto Enrico\Dati applicazioni\Apple Computer
2007-11-05 12:52 --------- d-----w C:\Programmi\Apple Software Update
2007-11-05 12:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2007-11-05 12:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-11-04 12:29 --------- d-----w C:\Programmi\MSXML 4.0
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 13:00 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 00:47 7573504]
"nwiz"="nwiz.exe" [2006-04-28 00:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-04-28 00:47 86016 C:\WINDOWS\system32\nvmctray.dll]
"CTHelper"="CTHELPER.EXE" [2003-06-09 03:07 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"PC-CAM 300 STI App Registration"="Pd016pin.dll" [2002-06-06 02:10 28672 C:\WINDOWS\system32\PD016Pin.dll]
"type32"="C:\Programmi\Microsoft IntelliType Pro\type32.exe" [2004-03-19 05:30 184320]
"IntelliPoint"="C:\Programmi\Microsoft IntelliPoint\point32.exe" [2004-03-19 05:29 212992]
"PCMService"="D:\Programmi\Powercinema4.0\PCMService.exe" [2005-06-20 05:32 127118]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 08:20 372736]
"GrooveMonitor"="D:\Programmi\Office 2007\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"LanguageShortcut"="D:\Programmi\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-02 14:08 180269]
"QuickTime Task"="D:\Programmi\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"EPSON Stylus C42 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-02-19 04:03 74240]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 20:08 16050688 C:\WINDOWS\RTHDCPL.EXE]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-28 20:32 29744]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"BDMCon"="C:\Programmi\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Programmi\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 13:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2007-12-28 20:41:12]
Orbit.lnk - D:\Programmi\Orbitdownloader\orbitdm.exe [2007-11-06 01:03:21]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart16.exe [2005-03-05 14:18:22]
WinZip Quick Pick.lnk - D:\Programmi\WinZip\WZQKPICK.EXE [2007-11-02 12:35:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-07 13:00]
S3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2002-06-05 02:10]
S3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2002-06-05 02:10]
S3 USB28xxBGA;Cinergy Hybrid T USB XS;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-09-06 15:11]
S3 USB28xxOEM;Cinergy T USB XS Custom Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-09-06 15:11]
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 15:23:48
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
**************************************************************************
.
Ora fine scansione: 2008-01-04 15:27:17
.
2008-01-03 17:01:36 --- E O F ---
The HijackThis log, updated after generating the ComboFix log, is as follows:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.30.21, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
D:\Programmi\Powercinema4.0\PCMService.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
D:\Programmi\Office 2007\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
D:\Programmi\Powercinema4.0\Kernel\TV\CLCapSvc.exe
C:\Programmi\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Programmi\Powercinema4.0\Kernel\TV\CLSched.exe
D:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Soleto Enrico\Desktop\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PC-CAM 300 STI App Registration] RunDLL32.exe Pd016pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PCMService] "D:\Programmi\Powercinema4.0\PCMService.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] D:\Programmi\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB002" /M "Stylus C42"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Orbit.lnk = D:\Programmi\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download all by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Programmi\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Programmi\PPLive\PPLive.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://solenry.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\OFFICE~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Programmi\Powercinema4.0\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Programmi\Powercinema4.0\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programmi\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 13370 bytes
bdoriano Administrator
Registered: 02/04/07 11:05 Posts: 14303 Location: 3rd planet of the solar system...
Solenry86 Devout mortal
Registered: 03/01/08 17:31 Posts: 8
Posted: 05 Jan 2008 11:45 Subject:
I tried going to the pages where everything used to close on me and now they work. Thanks a lot for the help!!!!
bdoriano Administrator
Registered: 02/04/07 11:05 Posts: 14303 Location: 3rd planet of the solar system...
Posted: 07 Jan 2008 12:20 Subject:
Glad you solved it!
ComboFix probably fixed your problem on its own.